im creating a registry for my website, and so far its all good, but when you register, it doesnt put the username into the database, its puts the password and email though
<?php
@mysql_connect("localhost", "user", "pass") or die("Cannot connect to DB!开发者_高级运维");
@mysql_select_db("") or die("Cannot select DB!");
$sql= "INSERT INTO member (username, password, email) VALUES('$loginid','$password','$email')";
$r = mysql_query($sql);
if(!$r) {
$err=mysql_error();
print $err;
exit();
}
$insert_query = 'insert into member (username,password,email) values("' . $_POST['username'] . '","' . $_POST['password'] . '","' . $_POST['email'] . '")';
mysql_query($insert_query);
?>
Thank you for your help in advance :D
Are you sure that you have the correct name of the element in your form? And that you are POST'ing the form and not using GET? Also, you shouldn't be inserting passwords into the DB in plain text, but use MySQL's password
function, nor should you be forming your mysql statement like that as it leaves your DB open to SQL injection. Try this:
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$email = mysql_real_escape_string($_POST['email']);
$insert_query = "insert into member (username,password,email) values('$username', PASSWORD('$password'), '$email')";
精彩评论